Do not use the same password on multiple accounts.
2. You should not let your browsers( FireFox, Chrome, Opera, IE, Safari ) or FTP client programs save your passwords, any password saved in the browser can be revealed with a simple click using a script.
3. Do not login important accounts with a public computer or a machine of other people.
4. Do not login important accounts with HTTP or FTP connections, because the username and password in the message of a HTTP or FTP connection can be captured easily with a network protocol analyzer like Wireshark, which means that the password can be sniffed or hacked with very little effort. You should use HTTPS or SFTP connections.
5. It’s a good habit to change your passwords regularly.
6. You can manage and encrypt your passwords with password management software. It’s a good idea to add an extra protection to your passwords with the freeware iPassword Generator.
7. Why you should not use long sentences as passwords?

It’s not easy to remember multiple long sentences.

Sometimes you will need to tell a password to somebody, and change the password subsequently.

It’s recommended that you remember 3 to 5 main passwords, and store other passwords with a certain software, for example, you can save all other passwords in a plain text file and encrypt it with TrueCrypt or AxCrypt, or manage them with KeePass, all of them are open source and reliable applications.

You can find good password generators online. Remember to keep your passwords in a safe place.